Threat Intelligence Blog

Weekly Threat Intelligence Brief: August 30, 2016

Posted August 30, 2016

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats facing various industries.

Insurance/Healthcare

“Cybercriminals wielding Locky crypto-locking ransomware are continuing to ramp up their assaults, especially in the healthcare sector, with attackers distributing less banking malware and more ransomware, according to new research.

So far this month, several “massive” new phishing campaigns have been launched, targeting victims in multiple industries with Locky ransomware, security researcher Chong Rong Hwa from cybersecurity firm FireEye says in a blog post […].”

Financial Services

“Scammers on popular photo-sharing platform Instagram are targeting thousands of followers of major financial institutions in an effort to extort victims into handing over money or disclosing personal banking information, new research has found. A report released by social media security firm ZeroFox titled “Post Grams Not Scams” has found over 4,000 unique instances of money flipping scams on the platform spread across more than 1,300 different Instagram accounts since 2013.

Using an in-house machine-learning classifier designed to analyse Instagram scam posts related to 37 of the biggest US financial institutions, ZeroFox researchers went into more than two million public Instagram posts from the last two years over a recent four-month period. The researchers identified thousands of money flipping scam posts created to lure users into sending money, particularly targeting the poor and members of the military.”

Legal

In U.S. v. Caira, the United States Court of Appeals for the Seventh Circuit found that there is no reasonable expectation of privacy in an IP address and related subscriber information, allowing law enforcement to obtain that information from third-party communications companies without a warrant. The case arose when a defendant was convicted on drug charges after law enforcement traced his email address through administrative subpoenas to technology companies, which provided his subscriber information and IP login history.

Defense

“Ports in the US have reported attacks using an SQL injection flaw made public by a hacker known as bRpsd, who released a fully working exploit online without notifying the vendor in advance.

Following these events, ICS-CERT, the US-CERT division in charge of security alerts for industrial control systems (ICS), has issued advisories regarding the vulnerability’s existence and the ongoing series of attacks.

The affected application is Navis WebAccess, the Web-based component of the Navis maritime transportation logistics software suite, sold by the Cargotec Corporation.”